Vendor import of OpenBSM 1.0 alpha 11, with the following change history notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events.  Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring.  Remove the -s and -h
  arguments as these policies are now set via the configuration file.  If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from:	TrustedBSD Project
Robert Watson 2006-09-21 07:07:33 +00:00
parent fdb4472c92
commit bb97b41819
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor/openbsm/dist/; revision=162503
61 changed files with 694 additions and 192 deletions

View File

@ -1,3 +1,37 @@
OpenBSM 1.0 alpha 11
- Reclassify certain read/write operations as having no class rather than the
fr/fw class; our default classes audit intent (open) not operations (read,
write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
and writes of sysctls as separate events. Add additional kernel
environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
(issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
a dropped request, the log file will otherwise grow indefinitely if the
trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
representations of audit_control policy flags and the flags passed to
auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
extension to the Solaris file format to allow specification of policy
persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
policy to match it when configuring/reconfiguring. Remove the -s and -h
arguments as these policies are now set via the configuration file. If a
policy line is not found in the configuration file, continue with the
current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.
OpenBSM 1.0 alpha 10
- auditd now generates complete audit records for its events, as required for
@ -209,4 +243,4 @@ OpenBSM 1.0 alpha 1
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#26 $
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#33 $

View File

@ -17,5 +17,10 @@
just at the beginning of a record. This will make it easier to use
praudit in test suites processing single-token files without header and
trailer context.
- Teach auditd how to notify a script when it is done with trail files so
that the script can archive them, compress them, delete them, whatever.
It should walk any trail files found at startup also, assuming it
successfully registers.
- Put hostname in trail file name.
$P4: //depot/projects/trustedbsd/openbsm/TODO#6 $
$P4: //depot/projects/trustedbsd/openbsm/TODO#7 $

View File

@ -1 +1 @@
OPENBSM_1_0_ALPHA_9
OPENBSM_1_0_ALPHA_11

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#6 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#7 $
*/
/*
* Program to trigger the audit daemon with a message that is either:
@ -75,7 +75,7 @@ main(int argc, char **argv)
switch(ch) {
case 'n':
trigger = AUDIT_TRIGGER_OPEN_NEW;
trigger = AUDIT_TRIGGER_ROTATE_USER;
break;
case 's':
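Review bot: the -n path now sends AUDIT_TRIGGER_ROTATE_USER, whose value (6) is above the AUDIT_TRIGGER_MAX of 5 that the old bsm/audit.h declared, so an audit(8) built from this tree talking to a kernel that still enforces the old range will have its rotate request rejected, and the only symptom is a trail that never rotates. Confirm that the error from the trigger write is reported to the operator, and mention the kernel dependency in HISTORY next to the trigger rename.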

View File

@ -29,7 +29,7 @@
.\"
.\" @APPLE_BSD_LICENSE_HEADER_END@
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#8 $
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 $
.\"
.Dd January 24, 2004
.Dt AUDITD 8
@ -51,14 +51,20 @@ The options are as follows:
.Bl -tag -width Ds
.It Fl d
Starts the daemon in debug mode - it will not daemonize.
.It Fl h
Specifies that if auditing cannot be performed as specified, the system should
halt (panic). Normally, the system will attempt to proceed - although individual
processes may be stopped (see the -s option).
.It Fl s
Specifies that individual processes should stop rather than perform operations
that may cause audit records to be lost due to log file full conditions
.El
.Pp
The historical
.Fl h
and
.Fl s
flags are now configured using
.Xr audit_control 5
policy flags
.Dv ahlt
and
.Dv cnt ,
and are no longer available as arguments to
.Xr auditd 8 .
.Sh NOTE
.Pp
To assure uninterrupted audit support, the
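Review bot: the new paragraph says the flags "are now configured using audit_control(5) policy flags ahlt and cnt" but does not say which flag replaces which; from the auditd.c change in this import, -h corresponds to setting ahlt and -s to omitting cnt (cnt being the continue-on-failure default), and an administrator converting an existing invocation needs that mapping spelled out, e.g. "use policy:ahlt in place of -h, and a policy line without cnt in place of -s". The .Dd line (January 24, 2004) in the first hunk should also be bumped, since two documented options are removed here.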

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
*/
#include <sys/types.h>
@ -59,6 +59,7 @@
#include "auditd.h"
#define NA_EVENT_STR_SIZE 25
#define POL_STR_SIZE 128
static int ret, minval;
static char *lastfile = NULL;
@ -67,7 +68,6 @@ static int triggerfd = 0;
static int sigchlds, sigchlds_handled;
static int sighups, sighups_handled;
static int sigterms, sigterms_handled;
static long global_flags;
static TAILQ_HEAD(, dir_ent) dir_q;
@ -160,8 +160,9 @@ close_lastfile(char *TS)
*ptr = '.';
strcpy(ptr+1, TS);
if (rename(oldname, lastfile) != 0)
syslog(LOG_ERR, "Could not rename %s to %s",
oldname, lastfile);
syslog(LOG_ERR,
"Could not rename %s to %s: %m", oldname,
lastfile);
else
syslog(LOG_INFO, "renamed %s to %s",
oldname, lastfile);
@ -286,7 +287,7 @@ swap_audit_file(void)
free(dirent->dirname);
free(dirent);
}
syslog(LOG_ERR, "Log directories exhausted\n");
syslog(LOG_ERR, "Log directories exhausted");
return (-1);
}
@ -343,7 +344,7 @@ read_control_file(void)
* XXX is generated here?
*/
if (0 == (ret = getacmin(&minval))) {
syslog(LOG_DEBUG, "min free = %d\n", minval);
syslog(LOG_DEBUG, "min free = %d", minval);
if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0) {
syslog(LOG_ERR,
"could not get audit queue settings");
@ -494,31 +495,65 @@ register_daemon(void)
}
/*
* Suppress duplicate messages within a 30 second interval. This should be
* enough to time to rotate log files without thrashing from soft warnings
* generated before the log is actually rotated.
* Handle the audit trigger event.
*
* We suppress (ignore) duplicated triggers in close succession in order to
* try to avoid thrashing-like behavior. However, not all triggers can be
* ignored, as triggers generally represent edge triggers, not level
* triggers, and won't be retransmitted if the condition persists. Of
* specific concern is the rotate trigger -- if one is dropped, then it will
* not be retransmitted, and the log file will grow in an unbounded fashion.
*/
#define DUPLICATE_INTERVAL 30
static void
handle_audit_trigger(int trigger)
{
static int last_trigger;
static int last_trigger, last_warning;
static time_t last_time;
struct dir_ent *dirent;
/*
* Suppres duplicate messages from the kernel within the specified
* interval.
*/
struct timeval ts;
struct timezone tzp;
time_t tt;
/*
* Suppress duplicate messages from the kernel within the specified
* interval.
*/
if (gettimeofday(&ts, &tzp) == 0) {
tt = (time_t)ts.tv_sec;
if ((trigger == last_trigger) &&
(tt < (last_time + DUPLICATE_INTERVAL)))
return;
switch (trigger) {
case AUDIT_TRIGGER_LOW_SPACE:
case AUDIT_TRIGGER_NO_SPACE:
/*
* Triggers we can suppress. Of course, we also need
* to rate limit the warnings, so apply the same
* interval limit on syslog messages.
*/
if ((trigger == last_trigger) &&
(tt < (last_time + DUPLICATE_INTERVAL))) {
if (tt >= (last_warning + DUPLICATE_INTERVAL))
syslog(LOG_INFO,
"Suppressing duplicate trigger %d",
trigger);
return;
}
last_warning = tt;
break;
case AUDIT_TRIGGER_ROTATE_KERNEL:
case AUDIT_TRIGGER_ROTATE_USER:
case AUDIT_TRIGGER_READ_FILE:
/*
* Triggers that we cannot suppress.
*/
break;
}
/*
* Only update last_trigger after aborting due to a duplicate
* trigger, not before, or we will never allow that trigger
* again.
*/
last_trigger = trigger;
last_time = tt;
}
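Review bot: the switch over trigger in this hunk has no default arm, so any value outside the five listed (including future additions to bsm/audit.h, which this import already extends to 6) silently takes the unsuppressed path with no log line; add a default that logs the unknown value. Two smaller points: the closing comment ("Only update last_trigger after aborting due to a duplicate trigger, not before") is hard to parse and would read better as "Update last_trigger/last_time only for triggers that were not suppressed; updating them on every suppressed trigger would let a steady stream of duplicates be suppressed forever"; and the duplicate check compares only against the immediately preceding trigger, so LOW_SPACE interleaved with any other trigger is never suppressed, which is worth stating in the function comment so nobody relies on the 30 second window as a hard rate limit.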
@ -528,7 +563,6 @@ handle_audit_trigger(int trigger)
*/
dirent = TAILQ_FIRST(&dir_q);
switch(trigger) {
case AUDIT_TRIGGER_LOW_SPACE:
syslog(LOG_INFO, "Got low space trigger");
if (dirent && (dirent->softlim != 1)) {
@ -554,7 +588,8 @@ handle_audit_trigger(int trigger)
} else {
/*
* Continue auditing to the current file. Also
* generate an allsoft warning.
* generate an allsoft warning.
*
* XXX do we want to do this ?
*/
audit_warn_allsoft();
@ -577,12 +612,14 @@ handle_audit_trigger(int trigger)
audit_warn_allhard(++allhardcount);
break;
case AUDIT_TRIGGER_OPEN_NEW:
case AUDIT_TRIGGER_ROTATE_KERNEL:
case AUDIT_TRIGGER_ROTATE_USER:
/*
* Create a new file and swap with the one being used in
* kernel
*/
syslog(LOG_INFO, "Got open new trigger");
syslog(LOG_INFO, "Got open new trigger from %s", trigger ==
AUDIT_TRIGGER_ROTATE_KERNEL ? "kernel" : "user");
if (swap_audit_file() == -1)
syslog(LOG_ERR, "Error swapping audit file");
break;
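Review bot: the log text in this hunk still reads "Got open new trigger from %s" although the constants are now named ROTATE_KERNEL/ROTATE_USER and the comment above talks about swapping the file; "Got rotate trigger from %s" keeps the syslog wording aligned with the new names, which matters for anyone grepping logs for rotation events.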
@ -656,10 +693,8 @@ wait_for_events(void)
syslog(LOG_DEBUG, "%s: SIGTERM", __FUNCTION__);
break;
}
if (sigchlds != sigchlds_handled) {
syslog(LOG_DEBUG, "%s: SIGCHLD", __FUNCTION__);
if (sigchlds != sigchlds_handled)
handle_sigchld();
}
if (sighups != sighups_handled) {
syslog(LOG_DEBUG, "%s: SIGHUP", __FUNCTION__);
handle_sighup();
@ -670,7 +705,6 @@ wait_for_events(void)
syslog(LOG_ERR, "%s: read EOF", __FUNCTION__);
return (-1);
}
syslog(LOG_DEBUG, "%s: read %d", __FUNCTION__, trigger);
if (trigger == AUDIT_TRIGGER_CLOSE_AND_DIE)
break;
else
@ -691,10 +725,13 @@ config_audit_controls(void)
au_mask_t aumask;
int ctr = 0;
char naeventstr[NA_EVENT_STR_SIZE];
char polstr[POL_STR_SIZE];
long policy;
/*
* Process the audit event file, obtaining a class mapping for each
* event, and send that mapping into the kernel.
*
* XXX There's a risk here that the BSM library will return NULL
* for an event when it can't properly map it to a class. In that
* case, we will not process any events beyond the one that failed,
@ -703,10 +740,17 @@ config_audit_controls(void)
ev.ae_name = (char *)malloc(AU_EVENT_NAME_MAX);
ev.ae_desc = (char *)malloc(AU_EVENT_DESC_MAX);
if ((ev.ae_name == NULL) || (ev.ae_desc == NULL)) {
if (ev.ae_name != NULL)
free(ev.ae_name);
syslog(LOG_ERR,
"Memory allocation error when configuring audit controls.");
return (-1);
}
/*
* XXXRW: Currently we have no way to remove mappings from the kernel
* when they are removed from the file-based mappings.
*/
evp = &ev;
setauevent();
while ((evp = getauevent_r(evp)) != NULL) {
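Review bot: the leak fix in this hunk is asymmetric: when ae_name is NULL but the ae_desc allocation succeeded, ae_desc is never freed. Since free(NULL) is defined to be a no-op, an unconditional `free(ev.ae_name); free(ev.ae_desc);` on the error path covers both orderings and is shorter than the current conditional.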
@ -746,10 +790,21 @@ config_audit_controls(void)
"Failed to obtain non-attributable event mask.");
/*
* Set the audit policy flags based on passed in parameter values.
* If a policy is configured in audit_control(5), implement the
* policy. However, if one isn't defined, set AUDIT_CNT to avoid
* leaving the system in a fragile state.
*/
if (auditon(A_SETPOLICY, &global_flags, sizeof(global_flags)))
syslog(LOG_ERR, "Failed to set audit policy.");
if ((getacpol(polstr, POL_STR_SIZE) == 0) &&
(au_strtopol(polstr, &policy) == 0)) {
if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
syslog(LOG_ERR, "Failed to set audit policy: %m");
} else {
syslog(LOG_ERR, "Failed to obtain policy flags: %m");
policy = AUDIT_CNT;
if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
syslog(LOG_ERR,
"Failed to set default audit policy: %m");
}
return (0);
}
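Review bot: the fallback in this hunk treats a missing policy line and a malformed one identically, and both end up at AUDIT_CNT. For the missing-line case, which HISTORY describes as the expected default, LOG_ERR with %m is misleading: if getacpol returns non-zero for "no entry" without setting errno, %m prints a stale value. For the malformed case, an administrator who mistypes policy:ahlt silently gets the most permissive setting (continue rather than halt) with only one syslog line to show for it. Suggest distinguishing the two: log at LOG_INFO when the entry is absent, and when au_strtopol fails log the offending string at LOG_ERR so the misconfiguration is visible rather than quietly relaxed.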
@ -826,7 +881,6 @@ main(int argc, char **argv)
int debug = 0;
int rc;
global_flags |= AUDIT_CNT;
while ((ch = getopt(argc, argv, "dhs")) != -1) {
switch(ch) {
case 'd':
@ -834,20 +888,10 @@ main(int argc, char **argv)
debug = 1;
break;
case 's':
/* Fail-stop option. */
global_flags &= ~(AUDIT_CNT);
break;
case 'h':
/* Halt-stop option. */
global_flags |= AUDIT_AHLT;
break;
case '?':
default:
(void)fprintf(stderr,
"usage: auditd [-h | -s] [-d] \n");
"usage: auditd [-d] \n");
exit(1);
}
}
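Review bot: the getopt optstring shown in the context of the previous hunk, `while ((ch = getopt(argc, argv, "dhs")) != -1)`, still lists h and s, so getopt continues to accept -h and -s and they now fall into the default arm. The visible effect (usage message and exit(1)) is acceptable, but the optstring should shrink to "d" to match the new usage string; otherwise getopt never reports them as unrecognised and the next person editing this loop will wonder where the handlers went.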

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#5 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $
*/
#ifndef _AUDITD_H_
@ -61,7 +61,7 @@ struct dir_ent {
#define HARDLIM_ALL_WARN "allhard"
#define SOFTLIM_ALL_WARN "allsoft"
#define AUDITOFF_WARN "aditoff"
#define AUDITOFF_WARN "auditoff"
#define EBUSY_WARN "ebusy"
#define GETACDIR_WARN "getacdir"
#define HARDLIM_WARN "hard"
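Review bot: correcting AUDITOFF_WARN from "aditoff" to "auditoff" changes the argument that the warning script receives for that condition, so any locally customised audit_warn script that matched on the misspelled string will silently stop matching. This deserves a line in HISTORY alongside the other user-visible changes.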

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#19 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#21 $
*/
#ifndef _BSM_AUDIT_H
@ -46,18 +46,19 @@
* Triggers for the audit daemon.
*/
#define AUDIT_TRIGGER_MIN 1
#define AUDIT_TRIGGER_LOW_SPACE 1
#define AUDIT_TRIGGER_OPEN_NEW 2
#define AUDIT_TRIGGER_READ_FILE 3
#define AUDIT_TRIGGER_CLOSE_AND_DIE 4
#define AUDIT_TRIGGER_NO_SPACE 5
#define AUDIT_TRIGGER_MAX 5
#define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */
#define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */
#define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */
#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */
#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */
#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests roate. */
#define AUDIT_TRIGGER_MAX 6
/*
* Special file that will be read for trigger events from the kernel
* (FreeBSD).
* The special device filename (FreeBSD).
*/
#define AUDIT_TRIGGER_FILE "/dev/audit"
#define AUDITDEV_FILENAME "audit"
#define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME)
/*
* Pre-defined audit IDs
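Review bot: typo in the new AUDIT_TRIGGER_ROTATE_USER comment ("roate" for "rotate"). Also, AUDIT_TRIGGER_OPEN_NEW is removed outright rather than kept as a compatibility alias, so any out-of-tree consumer of this header that still references it stops compiling; a one-line `#define AUDIT_TRIGGER_OPEN_NEW AUDIT_TRIGGER_ROTATE_KERNEL` with a deprecation comment would avoid that while the rename propagates.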
@ -164,12 +165,12 @@
#define AUDIT_PERZONE 0x2000
/*
* Audit queue control parameters.
* Default audit queue control parameters.
*/
#define AQ_HIWATER 100
#define AQ_MAXHIGH 10000
#define AQ_LOWATER 10
#define AQ_BUFSZ 1024
#define AQ_BUFSZ MAXAUDITDATA
#define AQ_MAXBUFSZ 1048576
/*
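Review bot: AQ_BUFSZ now expands to MAXAUDITDATA, which is not defined in this hunk; confirm it is defined earlier in bsm/audit.h or in a header it includes, otherwise every consumer of AQ_BUFSZ picks up an undeclared identifier. Worth noting in HISTORY as well, since the default queue buffer size changes from the literal 1024 to whatever MAXAUDITDATA evaluates to.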

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#40 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#42 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
@ -467,6 +467,9 @@
#define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */
#define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */
#define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */
#define AUE_KENV 43114 /* FreeBSD. */
#define AUE_JAIL_ATTACH 43115 /* FreeBSD. */
#define AUE_SYSCTL_WRITE 43116 /* FreeBSD. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the

View File

@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#27 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 $
*/
#ifndef _LIBBSM_H_
@ -37,9 +37,6 @@
* solely to allow OpenSSH to compile; Darwin/Apple code should not use them.
*/
#define AUDIT_MAX_ARGS 10
#define AUDIT_MAX_ENV 10
#include <sys/types.h>
#include <sys/cdefs.h>
@ -55,13 +52,25 @@
#include <mach/mach.h> /* audit_token_t */
#endif
/*
* Size parsed token vectors for execve(2) arguments and environmental
* variables. Note: changing these sizes affects the ABI of the token
* structure, and as the token structure is often placed in the caller stack,
* this is undesirable.
*/
#define AUDIT_MAX_ARGS 128
#define AUDIT_MAX_ENV 128
/*
* Arguments to au_preselect(3).
*/
#define AU_PRS_USECACHE 0
#define AU_PRS_REREAD 1
#define AU_PRS_SUCCESS 1
#define AU_PRS_FAILURE 2
#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE)
#define AU_PRS_USECACHE 0
#define AU_PRS_REREAD 1
#define AUDIT_EVENT_FILE "/etc/security/audit_event"
#define AUDIT_CLASS_FILE "/etc/security/audit_class"
#define AUDIT_CONTROL_FILE "/etc/security/audit_control"
@ -71,6 +80,7 @@
#define MINFREE_CONTROL_ENTRY "minfree"
#define FLAGS_CONTROL_ENTRY "flags"
#define NA_CONTROL_ENTRY "naflags"
#define POLICY_CONTROL_ENTRY "policy"
#define AU_CLASS_NAME_MAX 8
#define AU_CLASS_DESC_MAX 72
@ -711,11 +721,14 @@ int getacdir(char *name, int len);
int getacmin(int *min_val);
int getacflg(char *auditstr, int len);
int getacna(char *auditstr, int len);
int getacpol(char *auditstr, size_t len);
int getauditflagsbin(char *auditstr, au_mask_t *masks);
int getauditflagschar(char *auditstr, au_mask_t *masks,
int verbose);
int au_preselect(au_event_t event, au_mask_t *mask_p,
int sorf, int flag);
ssize_t au_poltostr(long policy, size_t maxsize, char *buf);
int au_strtopol(const char *polstr, long *policy);
/*
* Functions relating to querying audit event information.
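Review bot: getacpol takes `size_t len` while the neighbouring getacflg/getacna take `int len`, and au_poltostr puts the output buffer last (policy, maxsize, buf) where the strlcat-style functions it is built on put it first. Neither is wrong, but the inconsistency within a single header will catch callers; either follow the existing `int len` convention or document the difference in au_control(3).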

View File

@ -0,0 +1,66 @@
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* dollar OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp dollar
*/
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
* full size of dst, not space left). At most siz-1 characters
* will be copied. Always NUL terminates (unless siz <= strlen(dst)).
* Returns strlen(src) + MIN(siz, strlen(initial dst)).
* If retval >= siz, truncation occurred.
*/
static size_t
strlcat(dst, src, siz)
char *dst;
const char *src;
size_t siz;
{
char *d = dst;
const char *s = src;
size_t n = siz;
size_t dlen;
/* Find the end of dst and adjust bytes left but don't go past end */
while (n-- != 0 && *d != '\0')
d++;
dlen = d - dst;
n = siz - dlen;
if (n == 0)
return(dlen + strlen(s));
while (*s != '\0') {
if (n != 1) {
*d++ = *s;
n--;
}
s++;
}
*d = '\0';
return(dlen + (s - src)); /* count does not include NUL */
}
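Review bot: this file uses size_t and strlen but includes neither <sys/types.h> nor <string.h>, so it compiles only when the including translation unit already has them; since it is pulled in through compat/strlcat.h on systems without strlcat, add both includes here so the fallback is self-contained. The definition is also `static`, which is fine for a header-included fallback but means every such consumer carries its own copy; a short comment saying that this is deliberate would stop someone "fixing" it later.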

View File

@ -86,6 +86,9 @@
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the `strlcat' function. */
#undef HAVE_STRLCAT
/* Define to 1 if you have the `strrchr' function. */
#undef HAVE_STRRCHR

View File

@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 .
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a10.
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a11.
#
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
#
@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='OpenBSM'
PACKAGE_TARNAME='openbsm'
PACKAGE_VERSION='1.0a10'
PACKAGE_STRING='OpenBSM 1.0a10'
PACKAGE_VERSION='1.0a11'
PACKAGE_STRING='OpenBSM 1.0a11'
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
ac_unique_file="bin/auditreduce/auditreduce.c"
@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures OpenBSM 1.0a10 to adapt to many kinds of systems.
\`configure' configures OpenBSM 1.0a11 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1021,7 +1021,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of OpenBSM 1.0a10:";;
short | recursive ) echo "Configuration of OpenBSM 1.0a11:";;
esac
cat <<\_ACEOF
@ -1162,7 +1162,7 @@ fi
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
OpenBSM configure 1.0a10
OpenBSM configure 1.0a11
generated by GNU Autoconf 2.59
Copyright (C) 2003 Free Software Foundation, Inc.
@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenBSM $as_me 1.0a10, which was
It was created by OpenBSM $as_me 1.0a11, which was
generated by GNU Autoconf 2.59. Invocation command line was
$ $0 $@
@ -19278,7 +19278,7 @@ fi
# Define the identity of the package.
PACKAGE=OpenBSM
VERSION=1.0a10
VERSION=1.0a11
cat >>confdefs.h <<_ACEOF
@ -22834,7 +22834,8 @@ done
for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul
for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
@ -23478,7 +23479,7 @@ _ASBOX
} >&5
cat >&5 <<_CSEOF
This file was extended by OpenBSM $as_me 1.0a10, which was
This file was extended by OpenBSM $as_me 1.0a11, which was
generated by GNU Autoconf 2.59. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -23541,7 +23542,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
OpenBSM config.status 1.0a10
OpenBSM config.status 1.0a11
configured by $0, generated by GNU Autoconf 2.59,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"

View File

@ -2,8 +2,8 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
AC_INIT([OpenBSM], [1.0a10], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#29 $])
AC_INIT([OpenBSM], [1.0a11], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 $])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config/config.h])
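Review bot: both the old and new AC_INIT lines carry the bug-report address trustedbsd-audit@TrustesdBSD.org ("Trustesd" for "Trusted"), and the typo is propagated into the generated configure; since this line is being edited anyway, now is the moment to fix it.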
@ -56,7 +56,7 @@ AC_FUNC_MKTIME
AC_TYPE_SIGNAL
AC_FUNC_STAT
AC_FUNC_STRFTIME
AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul])
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in

View File

@ -1,7 +1,8 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#4 $
#
dir:/var/audit
flags:lo
minfree:20
naflags:lo
policy:cnt
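Review bot: the new policy:cnt entry ships without any explanation, and this file has no other comments. Because cnt means "continue (do not halt) when a record cannot be written", and ahlt is the strict alternative now that auditd -h is gone, a one-line comment listing the recognised keywords (the set accepted by au_strtopol in bsm_control.c) would save administrators a trip to the manual and make the security trade-off explicit in the file they actually edit.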

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#15 $
#
0:AUE_NULL:indir system call:no
1:AUE_EXIT:exit(2):pc
@ -117,8 +117,8 @@
113:AUE_SYSTEMBOOT:system booted:na
114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad
115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad
128:AUE_WRITEL:writel(2):fw
129:AUE_WRITEVL:writevl(2):fw
128:AUE_WRITEL:writel(2):no
129:AUE_WRITEVL:writevl(2):no
130:AUE_GETAUID:getauid(2):ad
131:AUE_SETAUID:setauid(2):ad
132:AUE_GETAUDIT:getaudit(2):ad
@ -265,7 +265,7 @@
325:AUE_DARWIN_KDEBUGTRACE:system call:pc
326:AUE_DARWIN_FSTAT:fstat(2):fa
327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr
328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):no
329:AUE_DARWIN_TRUNCATE:truncate(2):fw
330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
331:AUE_DARWIN_SYSCTL:sysctl(3):ad
@ -321,8 +321,8 @@
43017:AUE_KDEBUGTRACE:system call:pc
43018:AUE_FSTAT:fstat(2):fa
43019:AUE_FPATHCONF:fpathconf(2):fa
43020:AUE_GETDIRENTRIES:getdirentries(2):fr
43021:AUE_SYSCTL:sysctl(3):ad
43020:AUE_GETDIRENTRIES:getdirentries(2):no
43021:AUE_SYSCTL:sysctl(3):ot
43022:AUE_MLOCK:mlock(2):pc
43023:AUE_MUNLOCK:munlock(2):pc
43024:AUE_UNDELETE:undelete(2):fm
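Review bot: AUE_SYSCTL moves from class ad to ot in this hunk while HISTORY only mentions introducing AUE_SYSCTL_WRITE; the class change means sysctl reads drop out of the ad (administrative) preselection that existing audit_control flags lines may rely on, so it should be called out in HISTORY. Note also that the Darwin entry 331:AUE_DARWIN_SYSCTL in the hunk above keeps ad, so the two sysctl read events are now classed differently.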
@ -415,6 +415,9 @@
43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
43114:AUE_KENV:kenv(8):ad
43115:AUE_JAIL_ATTACH:jail_attach(2):ad
43116:AUE_SYSCTL_WRITE:sysctl(3):ad
#
# User space system events.
#
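Review bot: 43114 describes the event as kenv(8); the other new entries name the system call (jail_attach(2)), and the kernel environment call is kenv(2) (kenv(1) is the utility), so kenv(2) looks like the intended text. Also, AUE_SYSCTL_WRITE reuses the description "sysctl(3)" verbatim from AUE_SYSCTL, so tools that print the description (praudit) show identical text for the read and write events this import goes to the trouble of separating; "sysctl(3) write" or similar would make the split visible in trails.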

View File

@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
.\"
.Dd April 19, 2005
.Dt AU_CONTROL 3
@ -34,7 +34,10 @@
.Nm getacdir ,
.Nm getacmin ,
.Nm getacflg ,
.Nm getacna
.Nm getacna ,
.Nm getacpol ,
.Nm au_poltostr
.Nm au_strtopol
.Nd "Look up information from the audit_control database"
.Sh LIBRARY
.Lb libbsm
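Review bot: in the .Nm list, au_poltostr lacks the trailing comma that every other non-final name carries (`.Nm au_poltostr` should be `.Nm au_poltostr ,`), so the NAME line renders as "au_poltostr au_strtopol" without a separator.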
@ -52,6 +55,12 @@
.Fn getacflg "char *auditstr" "int len"
.Ft int
.Fn getacna "char *auditstr" "int len"
.Ft int
.Fn getacpol "char *auditstr" "size_t len"
.Ft ssize_t
.Fn au_poltostr "long policy" "size_t maxsize" "char *buf"
.Ft int
.Fn au_strtopol "const char *polstr" "long *policy"
.Sh DESCRIPTION
These interfaces may be used to look up information from the
.Xr audit_control 5
@ -90,15 +99,42 @@ returns the non-attributable flags via the passed character buffer
.Va auditstr
of length
.Va len .
.Pp
.Fn getacpol
returns the audit policy flags via the passed character buffer
.Va auditstr
of length
.Va len .
.Pp
.Fn au_poltostr
converts a numeric audit policy mask,
.Va policy ,
value to a string in the passed character buffer
.Va buf
of lenth
.Va maxsize .
.Pp
.Fn au_strtopol
converts an audit policy flags string,
.Va polstr ,
to a numeric audit policy mask returned via
.Va policy .
.Sh RETURN VALULES
.Fn getacdir ,
.Fn getacmin ,
.Fn getacflg ,
.Fn getacna ,
.Fn getacpol ,
and
.Fn getacna
.Fn au_strtopol
return 0 on success, or a negative value on failure, along with error
information in
.Va errno .
.Pp
.Fn au_poltostr
returns a string length of 0 or more on success, or a negative value on
if there is a failure.
.Pp
Functions that return a string value will return a failure if there is
insufficient room in the passed character buffer for the full string.
.Sh SEE ALSO
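Review bot: typos in this hunk: "lenth" for "length", "RETURN VALULES" for "RETURN VALUES", and "or a negative value on if there is a failure" should read "or a negative value on failure". The au_poltostr paragraph would also benefit from stating the truncation contract that bsm_control.c implements (-1 when the full string does not fit in maxsize); the generic final sentence covers it, but readers of that function's paragraph will miss it. The .Dd line (April 19, 2005) in the first hunk should be bumped as well now that three new functions are documented.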

View File

@ -23,16 +23,17 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#5 $
.\"
.Dd March 4, 2006
.Dt AU_OPEN 3
.Os
.Sh NAME
.Nm au_open ,
.Nm au_write ,
.Nm au_close ,
.Nm au_close_buffer
.Nm au_close_buffer ,
.Nm au_close_token ,
.Nm au_open ,
.Nm au_write
.Nd "Create and commit audit records"
.Sh LIBRARY
.Lb libbsm
@ -120,6 +121,7 @@ return 0 on success, or a negative value on failure, along with error
information in
.Va errno .
.Sh SEE ALSO
.Xr audit_submit 3 ,
.Xr libbsm 3
.Sh AUTHORS
This software was created by Robert Watson, Wayne Salamon, and Suresh

View File

@ -1,5 +1,6 @@
/*
* Copyright (c) 2004 Apple Computer, Inc.
* Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -26,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#13 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#15 $
*/
#include <bsm/libbsm.h>
@ -37,9 +38,14 @@
#include <stdio.h>
#include <stdlib.h>
#include <config/config.h>
#ifndef HAVE_STRLCAT
#include <compat/strlcat.h>
#endif
/*
* Parse the contents of the audit_control file to return the audit control
* parameters.
* parameters. These static fields are protected by 'mutex'.
*/
static FILE *fp = NULL;
static char linestr[AU_LINE_MAX];
@ -97,22 +103,224 @@ getstrfromtype_locked(char *name, char **str)
}
}
/*
* Convert a policy to a string. Return -1 on failure, or >= 0 representing
* the actual size of the string placed in the buffer (excluding terminating
* nul).
*/
ssize_t
au_poltostr(long policy, size_t maxsize, char *buf)
{
int first;
if (maxsize < 1)
return (-1);
first = 1;
buf[0] = '\0';
if (policy & AUDIT_CNT) {
if (strlcat(buf, "cnt", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_AHLT) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "ahlt", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_ARGV) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "argv", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_ARGE) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "arge", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_SEQ) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "seq", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_WINDATA) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "windata", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_USER) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "user", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_GROUP) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "group", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_TRAIL) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "trail", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_PATH) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "path", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_SCNT) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "scnt", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_PUBLIC) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "public", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_ZONENAME) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "zonename", maxsize) >= maxsize)
return (-1);
first = 0;
}
if (policy & AUDIT_PERZONE) {
if (!first) {
if (strlcat(buf, ",", maxsize) >= maxsize)
return (-1);
}
if (strlcat(buf, "perzone", maxsize) >= maxsize)
return (-1);
first = 0;
}
return (strlen(buf));
}
/*
* Convert a string to a policy. Return -1 on failure (with errno EINVAL,
* ENOMEM) or 0 on success.
*/
int
au_strtopol(const char *polstr, long *policy)
{
char *bufp, *string;
char *buffer;
*policy = 0;
buffer = strdup(polstr);
if (buffer == NULL)
return (-1);
bufp = buffer;
while ((string = strsep(&bufp, ",")) != NULL) {
if (strcmp(string, "cnt") == 0)
*policy |= AUDIT_CNT;
else if (strcmp(string, "ahlt") == 0)
*policy |= AUDIT_AHLT;
else if (strcmp(string, "argv") == 0)
*policy |= AUDIT_ARGV;
else if (strcmp(string, "arge") == 0)
*policy |= AUDIT_ARGE;
else if (strcmp(string, "seq") == 0)
*policy |= AUDIT_SEQ;
else if (strcmp(string, "winau_fstat") == 0)
*policy |= AUDIT_WINDATA;
else if (strcmp(string, "user") == 0)
*policy |= AUDIT_USER;
else if (strcmp(string, "group") == 0)
*policy |= AUDIT_GROUP;
else if (strcmp(string, "trail") == 0)
*policy |= AUDIT_TRAIL;
else if (strcmp(string, "path") == 0)
*policy |= AUDIT_PATH;
else if (strcmp(string, "scnt") == 0)
*policy |= AUDIT_SCNT;
else if (strcmp(string, "public") == 0)
*policy |= AUDIT_PUBLIC;
else if (strcmp(string, "zonename") == 0)
*policy |= AUDIT_ZONENAME;
else if (strcmp(string, "perzone") == 0)
*policy |= AUDIT_PERZONE;
else {
free(buffer);
errno = EINVAL;
return (-1);
}
}
free(buffer);
return (0);
}
/*
* Rewind the file pointer to beginning.
*/
static void
setac_locked(void)
{
ptrmoved = 1;
if (fp != NULL)
fseek(fp, 0, SEEK_SET);
}
void
setac(void)
{
pthread_mutex_lock(&mutex);
ptrmoved = 1;
if (fp != NULL)
fseek(fp, 0, SEEK_SET);
setac_locked();
pthread_mutex_unlock(&mutex);
}
/*
* Close the audit_control file
* Close the audit_control file.
*/
void
endac(void)
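Review bot: au_poltostr() and au_strtopol() disagree on the keyword for AUDIT_WINDATA, so the pair is not round-trip safe: the `if (policy & AUDIT_WINDATA)` block emits `windata`, but the parser only matches `winau_fstat`, so a string produced by au_poltostr() for a policy with that bit set comes back from au_strtopol() as -1/EINVAL. Pick one keyword and use it in both (or accept both spellings in au_strtopol()). Two smaller points in the same hunk: au_strtopol() fails with `*policy` already partially OR-ed, so either document that the out-parameter is undefined on failure or accumulate into a local and assign only on success; and an empty string or a trailing comma (`cnt,`) produces an empty field from strsep() that falls into the EINVAL branch, which is worth a comment since a `policy:` line with no value will be rejected rather than treated as 0. In setac(), the unlocked body (`ptrmoved = 1; if (fp != NULL) fseek(fp, 0, SEEK_SET);`) appears alongside the new `setac_locked();` call; make sure the old two lines are removed rather than kept, otherwise the rewind runs twice under the lock.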
@ -136,72 +344,54 @@ getacdir(char *name, int len)
char *dir;
int ret = 0;
if (name == NULL) {
errno = EINVAL;
return (-2);
}
pthread_mutex_lock(&mutex);
/*
* Check if another function was called between
* successive calls to getacdir
* Check if another function was called between successive calls to
* getacdir.
*/
pthread_mutex_lock(&mutex);
if (inacdir && ptrmoved) {
ptrmoved = 0;
if (fp != NULL)
fseek(fp, 0, SEEK_SET);
ret = 2;
}
if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
pthread_mutex_unlock(&mutex);
if (dir == NULL)
if (dir == NULL) {
pthread_mutex_unlock(&mutex);
return (-1);
if (strlen(dir) >= len)
}
if (strlen(dir) >= len) {
pthread_mutex_unlock(&mutex);
return (-3);
}
strcpy(name, dir);
pthread_mutex_unlock(&mutex);
return (ret);
}
/*
* Return the minimum free diskspace value from the audit control file
* Return the minimum free diskspace value from the audit control file.
*/
int
getacmin(int *min_val)
{
char *min;
setac();
if (min_val == NULL) {
errno = EINVAL;
return (-2);
}
pthread_mutex_lock(&mutex);
setac_locked();
if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
pthread_mutex_unlock(&mutex);
if (min == NULL)
if (min == NULL) {
pthread_mutex_unlock(&mutex);
return (1);
}
*min_val = atoi(min);
pthread_mutex_unlock(&mutex);
return (0);
}
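Review bot: the length check `if (strlen(dir) >= len)` in getacdir() does not protect against a negative `len`: `len` is `int`, the comparison is done in `size_t`, so a negative value converts to a huge unsigned number, the check passes, and `strcpy(name, dir)` proceeds. Reject `len <= 0` up front (next to the `name == NULL` check) or take `size_t len` as getacpol() already does. In getacmin(), `*min_val = atoi(min)` silently turns a non-numeric or out-of-range `minfree:` value into 0 or a wrapped value; parse with strtol(), check the end pointer and range, and return -2 with errno set to EINVAL on garbage so a mistyped control file does not quietly disable the free-space warning. Holding the mutex across the copy and the `atoi` rather than releasing it right after getstrfromtype_locked() is the right change, since `min` and `dir` point into the shared static buffer.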
@ -213,30 +403,22 @@ getacflg(char *auditstr, int len)
{
char *str;
setac();
if (auditstr == NULL) {
errno = EINVAL;
return (-2);
}
pthread_mutex_lock(&mutex);
setac_locked();
if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
pthread_mutex_unlock(&mutex);
if (str == NULL)
if (str == NULL) {
pthread_mutex_unlock(&mutex);
return (1);
if (strlen(str) >= len)
}
if (strlen(str) >= len) {
pthread_mutex_unlock(&mutex);
return (-3);
}
strcpy(auditstr, str);
pthread_mutex_unlock(&mutex);
return (0);
}
@ -248,28 +430,47 @@ getacna(char *auditstr, int len)
{
char *str;
setac();
if (auditstr == NULL) {
errno = EINVAL;
return (-2);
}
pthread_mutex_lock(&mutex);
setac_locked();
if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
pthread_mutex_unlock(&mutex);
if (str == NULL)
if (str == NULL) {
pthread_mutex_unlock(&mutex);
return (1);
if (strlen(str) >= len)
}
if (strlen(str) >= len) {
pthread_mutex_unlock(&mutex);
return (-3);
}
strcpy(auditstr, str);
return (0);
}
/*
* Return the policy field from the audit control file.
*/
int
getacpol(char *auditstr, size_t len)
{
char *str;
pthread_mutex_lock(&mutex);
setac_locked();
if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
if (str == NULL) {
pthread_mutex_unlock(&mutex);
return (-1);
}
if (strlen(str) >= len) {
pthread_mutex_unlock(&mutex);
return (-3);
}
strcpy(auditstr, str);
pthread_mutex_unlock(&mutex);
return (0);
}
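Review bot: getacna() returns on its success path without releasing the mutex: after `strcpy(auditstr, str);` it goes straight to `return (0);`, whereas getacflg() and getacpol() in this same change call `pthread_mutex_unlock(&mutex);` between the copy and the return. With the old unconditional unlock after getstrfromtype_locked() dropped in favour of per-path unlocks, the first successful getacna() call leaves `mutex` held and the next caller of any routine that takes it deadlocks. Add the unlock before `return (0)`. Also, getacpol() does not validate its buffer the way getacdir(), getacmin(), getacflg() and getacna() do (`if (auditstr == NULL) { errno = EINVAL; return (-2); }`); add the same check before taking the lock. getacpol() takes `size_t len` while its siblings take `int len`; that is the safer type, but the difference should be reflected in the prototype and manual page, and the -1 return (no `policy:` entry present) should be documented as a distinct, non-error outcome so callers can fall back to a default.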

View File

@ -31,7 +31,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $
*/
#include <sys/types.h>
@ -1190,7 +1190,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len)
for (i = 0; i < tok->tt.execarg.count; i++) {
bptr = buf + tok->len;
tok->tt.execarg.text[i] = bptr;
if (i < AUDIT_MAX_ARGS)
tok->tt.execarg.text[i] = bptr;
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
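Review bot: the guard `if (i < AUDIT_MAX_ARGS)` is the right fix for the out-of-bounds store: `tok->tt.execarg.count` comes straight from the record, so a crafted or corrupted execve token could previously make the unconditional `tok->tt.execarg.text[i] = bptr` write past the fixed `text[]` array. Keeping the loop bound at `count` (rather than clamping first) is also correct, because `tok->len` has to advance over every string in the token or the following tokens in the record would be misparsed. Add a one-line comment stating that `count` is untrusted and that arguments beyond AUDIT_MAX_ARGS are consumed but not recorded, so the next person to touch this loop does not "simplify" the bound back to `count`.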
@ -1202,6 +1203,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len)
return (-1);
tok->len++; /* \0 character */
}
if (tok->tt.execarg.count > AUDIT_MAX_ARGS)
tok->tt.execarg.count = AUDIT_MAX_ARGS;
return (0);
}
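Review bot: clamping `tok->tt.execarg.count` to AUDIT_MAX_ARGS after the loop hides the truncation from consumers: a print routine will show exactly AUDIT_MAX_ARGS arguments with no indication that the record carried more, which matters when the trail is being read for forensic purposes. Either preserve the original count in a separate field, or at least say in the function comment that `text[]` holds at most AUDIT_MAX_ARGS entries and that the remainder were skipped. The clamp must stay after the loop (not before it), since the loop relies on the full count to advance `tok->len` across the whole token.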
@ -1235,9 +1238,10 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
for (i = 0; i< tok->tt.execenv.count; i++) {
for (i = 0; i < tok->tt.execenv.count; i++) {
bptr = buf + tok->len;
tok->tt.execenv.text[i] = bptr;
if (i < AUDIT_MAX_ENV)
tok->tt.execenv.text[i] = bptr;
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
@ -1249,6 +1253,8 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len)
return (-1);
tok->len++; /* \0 character */
}
if (tok->tt.execenv.count > AUDIT_MAX_ENV)
tok->tt.execenv.count = AUDIT_MAX_ENV;
return (0);
}
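Review bot: the same two remarks as for fetch_execarg_tok() apply here (the `i < AUDIT_MAX_ENV` guard on the store is correct and necessary because `count` is record-supplied; the post-loop clamp silently drops the excess entries and should be documented). The two functions are now identical apart from the field names and the limit, so the string-walking loop is a candidate for a shared static helper taking the array, its capacity and the count, so that the next bounds fix lands in one place instead of two.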

View File

@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#51 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#52 $
*/
#include <sys/types.h>
@ -71,7 +71,6 @@
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socketvar.h>
#include <bsm/audit_internal.h>
#include <bsm/libbsm.h>

View File

@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#5 $
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#7 $
.\"
.Dd April 19, 2005
.Dt LIBBSM 3
@ -55,15 +55,18 @@ These are described respectively in the
.Xr au_notify 3 ,
.Xr au_stream 3 ,
.Xr au_token 3 ,
and
.Xr au_user 3
man pages.
manual pages.
.Ss Audit Event Stream Interfaces
Audit event stream interfaces support interaction with file-backed audit
event streams:
.Xr au_close 3 .
.Xr au_close 3 ,
.Xr au_close_buffer 3 ,
.Xr au_free_token 3 ,
.Xr au_open 3 ,
.Xr au_write 3 ,
.Xr audit_submit 3 .
.Ss Audit Class Interfaces
Audit class interfaces support the look up of information from the
.Xr audit_class 5
@ -83,7 +86,10 @@ database:
.Xr getacdir 3 ,
.Xr getacflg 3 ,
.Xr getacmin 3 ,
.Xr getacna 3 .
.Xr getacna 3 ,
.Xr getacpol 3 ,
.Xr au_poltostr 3 ,
.Xr au_strtopol 3 .
.Ss Audit Event Interfaces
Audit event interfaces support the look up of information from the
.Xr audit_event 5
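Review bot: au_poltostr(3) and au_strtopol(3) are string/flag converters rather than audit_control(5) database lookups, and appending them after getacpol breaks the alphabetical order the rest of the list keeps (`getacdir`, `getacflg`, `getacmin`, `getacna`, `getacpol`); list them sorted and say in the lead sentence that the section also covers the policy-string conversion helpers. The three new `.Xr` entries also assume getacpol(3), au_poltostr(3) and au_strtopol(3) manual pages exist; none is added in this import, so either add them (for example as additional `.Nm` entries in the page that documents the getac* family) or the cross-references dangle.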
@ -188,6 +194,7 @@ database:
.Xr au_stream 3 ,
.Xr au_token 3 ,
.Xr au_user 3 ,
.Xr audit_submit 3 ,
.Xr audit_class 5 ,
.Xr audit_control 5
.Sh AUTHORS

View File

@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $
.\"
.Dd January 4, 2006
.Dt AUDIT_CONTROL 5
@ -63,6 +63,9 @@ an action cannot be attributed to a specific user.
The minimum free space required on the file system audit logs are being written to.
When the free space falls below this limit a warning will be issued.
Not currently used as the value of 20 percent is chosen by the kernel.
.It Va policy
A list of global audit policy flags specifying various behaviors, such as
fail stop, auditing of paths and arguments, etc.
.El
.Sh AUDIT FLAGS
Audit flags are a comma-delimited list of audit classes as defined in the
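Review bot: the new `policy` entry should say what applies when the line is absent and point the reader at the section that defines the keywords; as written, "various behaviors, such as fail stop, auditing of paths and arguments, etc." gives an administrator no way to find the valid spellings. Something like "See the AUDIT POLICY FLAGS section below for the list of flags; if the line is absent, the default policy shown under DEFAULT applies." keeps the description short and makes the default discoverable.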
@ -86,6 +89,53 @@ Do not record successful events
.It ^-
Do not record failed events
.El
.Sh AUDIT POLICY FLAGS
The policy flags field is a comma-delimited list of policy flags from the
following list:
.Pp
.Bl -tag -width zonename -compact -offset indent
.It cnt
Allow processes to continue running even though events are not being audited.
If not set, processes will be suspended when the audit store space is
exhausted.
Currently, this is not a recoverable state.
.It ahlt
Fail stop the system if unable to audit an event--this consists of first
draining pending records to disk, and then halting the operating system.
.It argv
Audit command line arguments to
.Xr execve 2 .
.It arge
Audit environmental variable arguments to
.Xr execve 2 .
.It seq
Include a unique audit sequence number token in generated audit records (not
implemented on FreeBSD or Darwin).
.It group
Include supplementary groups list in generated audit records (not implemented
on FreeBSD or Darwin; supplementary groups are never included in records on
these systems).
.It trail
Append a trailer token to each audit record (not implemented on FreeBSD or
Darwin; trailers are always included in records on these systems).
.It path
Include secondary file paths in audit records (not implemented on FreeBSD or
Darwin; secondary paths are never included in records on these systems).
.It zonename
Include a zone ID token with each audit record (not implemented on FreeBSD or
Darwin; FreeBSD audit records do not currently include the jail ID or name.)
.It perzone
Enable auditing for each local zone (not implemented on FreeBSD or Darwin; on
FreeBSD, audit records are collected from all jails and placed in a single
global trail, and only limited audit controls are permitted within a jail.)
.El
.Pp
It is recommended that installations set the
.Dv cnt
flag but not
.Dv ahlt
flag unless it is intended that audit logs exceeding available disk space
halt the system.
.Sh DEFAULT
The following settings appear in the default
.Nm
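Review bot: the keyword table is incomplete relative to what au_strtopol() accepts: `user`, `scnt`, `public` and the AUDIT_WINDATA keyword are parsed but not documented here, so an administrator cannot tell which spellings are valid or what they do on FreeBSD/Darwin. Either document them with the same "not implemented on FreeBSD or Darwin" annotation used for `seq`, `group`, `trail`, `path`, `zonename` and `perzone`, or make the parser reject them. The closing recommendation treats `cnt` and `ahlt` as alternatives but never says which wins if both are listed; state it explicitly, since a file with `policy:cnt,ahlt` is accepted by au_strtopol(). Minor mdoc points: the keywords are configuration tokens, not defined constants, so `.Cm cnt` / `.Cm ahlt` fits better than `.Dv`, and the bare `--` in "unable to audit an event--this consists of" should be rephrased or replaced with a proper dash macro.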
@ -95,12 +145,18 @@ dir:/var/audit
flags:lo
minfree:20
naflags:lo
policy:cnt
.Ed
.Pp
The
.Va flags
parameter above specifies the system-wide mask corresponding to login/logout
events.
The
.Va policy
parameter specifies that the system should neither fail stop nor suspend
processes when the audit store fills.
will be audited.
.Sh FILES
.Bl -tag -width "/etc/security/audit_control" -compact
.It Pa /etc/security/audit_control
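Review bot: `will be audited.` is left as a dangling fragment after the new policy paragraph; the sentence it completed now ends at "login/logout events." two paragraphs up. Fold it back into the flags sentence ("the system-wide mask of event classes, here login/logout events, that will be audited") or drop it. The policy sentence reads well, but since this section shows `policy:cnt` as the shipped default it is the natural place to say that this means audit records are dropped when the store fills rather than the system halting, so the administrator understands the trade-off the default makes.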

View File

@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $
.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#8 $
.\"
.Dd April 19, 2005
.Dt AUDITON 2
@ -192,7 +192,7 @@ structure. The
field will be set to the maximum audit log file size.
A value of 0 indicates no limit to the size.
The
.Ft af_filesz
.Ft af_currsz
will be set to the current audit log file size.
.It Dv A_GETCWD
.\" [COMMENTED OUT]: Valid description, not yet implemented.
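Review bot: `.Ft` is the mdoc macro for function return types; `af_currsz` is a structure member, so `.Va af_currsz` (matching how the rest of the page marks fields) is the right macro, and the sentence needs the word "field" ("The .Va af_currsz field will be set to the current audit log file size.") to read correctly. The field-name correction itself is right given the preceding sentence already describes the maximum-size field.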

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1 @@
*<2A><>d

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1 @@
"4Vx

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1 @@
'<27>4Vx

Binary file not shown.

View File

@ -0,0 +1 @@
/4Vx

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1 @@
<13>4Vx

Binary file not shown.

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2005 Robert N. M. Watson
* Copyright (c) 2005-2006 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#5 $
* $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#6 $
*/
#include <bsm/libbsm.h>
@ -77,8 +77,9 @@ audump_class_r(void)
static void
audump_control(void)
{
char string[PATH_MAX];
char string[PATH_MAX], string2[PATH_MAX];
int ret, val;
long policy;
ret = getacflg(string, PATH_MAX);
if (ret == -2)
@ -116,6 +117,15 @@ audump_control(void)
printf("dir:%s\n", string);
} while (ret == 0);
ret = getacpol(string, PATH_MAX);
if (ret != 0)
err(-1, "getacpol");
if (au_strtopol(string, &policy) < 0)
err(-1, "au_strtopol");
if (au_poltostr(policy, string2, PATH_MAX) < 0)
err(-1, "au_poltostr");
printf("policy:%s\n", string2);
}
static void
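Review bot: the call `au_poltostr(policy, string2, PATH_MAX)` has its last two arguments swapped relative to the definition in this same change, `au_poltostr(long policy, size_t maxsize, char *buf)`: the buffer pointer is passed as `maxsize` and `PATH_MAX` (1024) as `buf`, so strlcat() writes through address 1024 and the tool crashes (modern compilers will at least warn about the int-to-pointer conversion). It should be `au_poltostr(policy, PATH_MAX, string2)`. Second, `if (ret != 0) err(-1, "getacpol")` treats a missing `policy:` line (return -1) as fatal, which contradicts the fallback-to-default behaviour introduced elsewhere in this import, and getacpol() does not set errno for -1 or -3 so err(3) prints a stale errno string; handle -1 by skipping the policy line, and keep err() for -2 only. Finally, because au_strtopol() only recognises `winau_fstat` while au_poltostr() emits `windata`, this round trip will abort on a control file that spells the flag `windata`; fixing the keyword mismatch in libbsm is the real fix, but audump should not die on a value the kernel-side tools accept.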